Top spammer indicted on email fraud, identity theft

A top spammer known as the "Spam King" has been arrested after years of investigations and experts say it could result in a short-term dip in the volume of spam.

Robert Alan Soloway, 27, is accused of using botnets to send out millions of spam emails. A federal grand jury returned a 35-count indictment against Soloway charging him with mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering, according to the Associated Press.

Soloway pleaded not guilty Wednesday afternoon to all charges. The case is the first in the country in which federal prosecutors have used identity theft statutes to prosecute a spammer for taking over an Internet domain name. Soloway could face decades in prison.

Prosecutors say Soloway infected computers with malicious code to create massive botnets of zombie machines and sent out millions of junk emails since 2003.

Experts optimistic but guarded.

Soloway's arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from gangs based in Asia and Russia, where law enforcement is not as tough on cybercrime.

Dmitri Alperovitch, chief research scientist at Secure Computing's TrustedSource Labs called the arrest an important test to cybercrime laws. Other countries will be watching the case closely, he said.

"If this prosecution is successful it should boost morale around the country and have an effect on law enforcement

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

of cybercrime around the world," Alperovitch said.

The prosecution faces a difficult battle to link the spammer to compromised machines. In many cases, investigators track products being shipped as a result of spam campaigns, he said.

Depsite the technical issues, Cybercrime laws are being updated in several countries, including Russia, where an antispam law was recently enacted. Although Soloway is based in the United States, much of his spamming activity could be traced to botnets in Asia, where many computers are infected, Alperovitch said.

Other experts say spam will continue to plague inboxes as long as its profitable for spammers.

"I wouldn't breathe any sigh of relief because he was caught," said Charlotte Dunlap, a senior analyst at Sterling, Va.-based Current Analysis. "Enterprises continue to keep throwing more and more products at the spam problem, which is costly and not always terribly effective."

Spammers have become increasingly sophisticated developing techniques to trick antispam software. Image based spam is one of the latest types of spam found slipping through some corporate email systems.

Dunlap said the latest technologies being implemented to fight spam are reputation services, which can identify and rate suspicious email. The goal is to cut off a lot of malware at the gateway before it even enters an enterprise's network, she said.

Botnet sophistication is also continuing to increase baffling some researchers, said Alex Shipp, an anti-virus technologist for email/IM security vendor, MessageLabs. The vendor has been tracking a number of groups using botnets to spew malware laced spam, including a Taiwanese criminal spam ring.

"You need less bots to do the work that you used to need," Shipp said. "Coders are becoming smarter and they're becoming much more difficult to detect."

Soloway allegedly used the botnets to send the spam urging people to use his marketing company to advertise their products. On his Web site, Soloway advertised his ability to send out as many as 20 million email advertisements over 15 days for $495, according to the indictment.

Microsoft won a $7 million civil judgment against him in 2005 to try and stop the spammer, but prosecutors said he continued his activities.

Prosecutors are seeking to have him forfeit $773,000 they say he made from his business, Newport Internet Marketing Corp.

The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.

News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play app vetting.

Social engineering techniques have become increasingly sophisticated as more personal and corporate data is shared on the Internet, and traditional training techniques may not be enough to keep enterprises safe.